x
Breaking News
More () »

Ransomware attack on CDOT might have been stopped if it was one week later

What has Colorado learned from the ransomware attack on state computers?
CDOT interview

DENVER — Seven weeks have passed since a ransomware attack at the Colorado Department of Transportation, and things are almost normal again – a new kind of normal.

The first two weeks were spent containing the SamSam virus that brought down CDOT’s business operations and forced employees onto a pen-and-paper system. Now, more than 90 percent of operations are up and running, passwords are all reset and smaller tasks – like getting contractors back online – are in the works.

“We’ve learned a lot of things that we have got documented,” says Deborah Blyth, the chief information security officer for the state.

According to Blyth, the attack almost never happened in the first place. The state had been in the process of rolling out new protections that could have stopped SamSam, and CDOT was due to install theirs the following week. When hackers infected CDOT, Blyth’s team rolled out the safeguards broadly right away.

Even so, the setup Colorado already had in place stopped the virus from advancing further into CDOT and other state departments.

“One thing that played into our favor was network segmentation, where the attack just didn’t run rampant through the state network. The attack was very much contained to CDOT’s business operations,” Blyth says. “It didn’t impact traffic operations because we had segmentation in place.”

Keeping all the deparment's backups offline prevented hackers from accessing those, as well.

RELATED: More malicious activity on CDOT computers reported

RELATED: Ransomware attacking CDOT now affecting how employees are paid

RELATED: CDOT computers held for ransom, virus demands bitcoin payment

Colorado handed its records over to the FBI to investigate this virus and the hackers, who demanded Bitcoin in exchange for the return of the network. While, perhaps initially, it could have been cheaper to pay the ransom, Blyth said that isn’t an option.

“Number one, you’re dealing with criminals. You might pay the ransom, you might not get the key to un-encrypt the files. Number two, you’re going to fund activities that you’re not going to agree with. Number three, I was in a secret service briefing yesterday, in which they said if you pay the ransom, you are setting yourself up as a future victim, as well. And number four, we learned some lessons about security and about our environment that we needed to fix, so these things needed to be done and they needed to be done quicker than just over time, and so I’m really glad that we had this opportunity to really focus on CDOT and get it to a much healthier state.”

Blyth says she has advised other state and local governments across the country that reached out asking about SamSam.

FULL INTERVIEW:

Before You Leave, Check This Out